I have a problem with thingsBoard, I can make a relation in the website with a user account and I tried to relate a device to an asset but when it comes to rest API it gives me a 403 error code.
I used swagger UI and I used entity-relation API and I used save relation API for this.
I believe that your problems is that you are not logged to your swagger.
In your image, look the exclamation sign inside the red circle, that meaning you didn't set your token on the swagger.
How to get the token:
curl --location --request POST 'http://YOUR_IP_ADDRESS/api/auth/login'
--header 'Content-Type: application/json'
--header 'Accept: application/json'
--data-raw '{
"username": "YOUR_EMAIL_ADDRESS",
"password": "YOUR_PASSWORD"
}'
With the token received, go back to the top of the swagger and looking for the "authorize" button. There put your token.
When you go back to your operation, you can see that the exclamation sign now is in a blue circle. Try again! Now, your operation should work!!
Related
I am trying to upload an image to Twitter using their upload media endpoints. However, I always get a 403 Forbidden error.
I have created an application in my Twitter Developer Console, which gave me a bearer token and I am using that to pass in my headers. Here is what things are looking like in postman:
Here is the generated cURL:
curl --location --request POST "https://upload.twitter.com/1.1/media/upload.json?media_category=tweet_image" ^
--header "Content-Length: 53466" ^
--header "Authorization: Bearer AAAAAAAAAAAAAAAAAAAAAD1mTQ<REST_OF_BEARER_TOKEN>" ^
--header "Cookie: guest_id=v1%3A163072111368923415; personalization_id=\"v1_Enx+SO8Z5+LYLTsABCKDtg==\"" ^
--form "media=#\"/C:/Users/mikel/Desktop/lions_gate.jpg\""
I am clearly missing something. Why do I continue to get a 403 error?
Thanks!
A Bearer Token will not work with the media upload endpoints. A Bearer Token only provides “app authentication”. You need to use “user authentication” (also known as 3-legged OAuth) in order to identify as a user. Per the documentation:
Requires authentication? Yes (user context only)
I am trying to get the status of Paytm transaction
but the response which I am getting from the Paytm server is always this TXN_FAILURE
Anyone please help me what mistake I am doing here
I am using correct order_id and mid
You can check Transaction Status API on our Paytm Developer portal which should work. Please find a sample curl request for the same
curl -X POST 'https://securegw-stage.paytm.in/v3/order/status'
--header 'Content-Type: application/json'
--data '{"body":{"mid":"{mid}","orderId":"{order-id}"},"head":{"signature":"{signature}"}}'
I am trying to upload a Video to my YouTube account using my own Application(Spring-boot) with the help of Google Library. But every time when I try to call the insert API of YouTube it asks for a Physical Sign in to Google Account. I want to upload my Video without Google Signin via passing the API Key or the client credentials(generated in Google Console for OAuth) in a post Request. I don't want to signin to google every time to upload a video. My account should be verified with the credentials I provide in the post Request.
curl --request POST
'https://youtube.googleapis.com/youtube/v3/videos?key=[YOUR_API_KEY]'
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]'
--header 'Accept: application/json'
--header 'Content-Type: application/json'
--data '{}'
--compressed
Another Question is How I can get [YOUR_ACCESS_TOKEN] ..?
End Point URL : POST https://www.googleapis.com/upload/youtube/v3/videos
Google Link : YouTube Upload Video steps
Any Suggestion would be Very Helpful.
JAVA code snippet :
you can find this on Google Link.
The only way to do that would be to request offline access. At which point you should get a refresh token back. You can then use the refresh token to request a new access token at a later date without requiring that you login to google again.
Since your code is in Curl i have posted a response using Curl, even though your question mentons java.
# Authorization link. Place this in a browser and copy the code that is returned after you accept the scopes.
https://accounts.google.com/o/oauth2/auth?client_id=[Application Client Id]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=[Scopes]&response_type=code
# Exchange Authorization code for an access token and a refresh token.
curl \
--request POST \
--data "code=[Authentcation code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token
# Exchange a refresh token for a new access token.
curl \
--request POST \
--data 'client_id=[Application Client Id]&client_secret=[Application Client Secret]&refresh_token=[Refresh token granted by second step]&grant_type=refresh_token' \
https://accounts.google.com/o/oauth2/token
Code ripped from my Gist
By testing OAuth 2.0 Web Server Flow for Web App Integration in Salesforce, I've found a way to negotiate an access token by doing something somewhat weird.
Here is the scenario.
I've create two accounts :
phdezann+user01-mbpt#force.com
phdezann+user02-8wl6#force.com
With the second account, I've created an New Connected App and enabled Enable OAuth Settings and got a pair of clientId and secretId, part of the OAuth protocol.
Then, I've requested an authorization code by going to :
https://login.salesforce.com/services/oauth2/authorize?client_id=<client_id_of_user02_instance>&redirect_uri=http://localhost:8080&response_type=code
Here, and this is the interesting part, I logged in with the user01 and managed to get an authorization code in the callback.
And finally, I've tried to convert that authorization code to an access token :
curl \
--location \
--request POST 'https://login.salesforce.com/services/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=<authorization_code_from_user01>' \
--data-urlencode 'client_id=<client_id_of_user02_instance>' \
--data-urlencode 'client_secret=<client_secret_of_user02_instance>' \
--data-urlencode 'redirect_uri=http://localhost:8080'
And, it worked. I got :
{
"access_token": "00D2X00000....",
"signature": "CSfC0khkT7...",
"scope": "api",
"instance_url": "https://eu13.salesforce.com",
"id": "https://login.salesforce.com/id/00D2X000003IgQFUA0/0052X00000AP6AdQAL",
"token_type": "Bearer",
"issued_at": "1596728532049"
}
I really don't get how this is possible, I surely miss something here.
That's by design and it's an OAuth2 thing, not really Salesforce thing.
If you would be making a mobile app or some amazing integration with your website - it's impractical to ask every admin to generate the app, paste keys to your mobile app and distribute to users... You'd ship your app with one pair of keys you control and then the end users decide if they trust you, want to proceed, are comfortable with the level of access you are requesting...
You can paste your keys to https://openidconnect.herokuapp.com/
or use it as is and get to your orgs.
See also https://salesforce.stackexchange.com/q/213666/799 and https://salesforce.stackexchange.com/q/70489/799
Hi I have the Google OAuth 2 explicit flow working according to:
https://developers.google.com/identity/protocols/OAuth2WebServer
I also have the implicit flow working on iOS with GIDSignIn, specifically I get the GIDSignInDelegate::sign(_ signIn: GIDSignIn!, didSignInFor user: GIDGoogleUser!, withError error: Error!) callback and have access to user.authentication.accessToken and user.authentication.refreshToken.
I'm trying to pass that refreshToken back to our private app server so that it can make requests on behalf of the user (mainly because it's easier to just sign in with the SDK than make the front end developers deal with raw URL requests).
However, when I try to use that refresh token to get a new access token on the back end:
curl --request POST \
--url https://www.googleapis.com/oauth2/v4/token \
--header 'cache-control: no-cache' \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'client_id={client_id}&client_secret={client_secret}&refresh_token={refresh_token}&grant_type=refresh_token'
It returns:
{ "error": "invalid_grant", "error_description": "Bad Request" }
I think the issue is that my server has a client id and secret, but iOS only has a client id. Without a secret (sometimes called key) corresponding to the iOS client id, there is no way for me to refresh the token on the back end. I was hopeful that Google would detect that both the server client id and iOS client id were registered to the same app and let the server refresh the token with its credentials, but that doesn't work.
I've looked at both the "API keys" and "OAuth 2.0 client IDs" sections at:
https://console.developers.google.com/apis/credentials
But am at a loss.
Does anyone know a curl command for refreshing a token acquired through the iOS SDK?
Or is this simply not possible?
Thanks!
For anyone reading this, I got it working:
On a whim I tried calling the refresh token endpoint without passing client_secret (as there isn't one when using implicit flow on mobile). Here is the curl:
curl --request POST \
--url https://www.googleapis.com/oauth2/v4/token \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'client_id={client_id}&refresh_token={refresh_token}&grant_type=refresh_token'
This appears to be undocumented. The closest example I found is at https://developers.google.com/identity/protocols/OAuth2InstalledApp#refresh but it shows client_secret=your_client_secret& and never mentions that with implicit flow, front end web and mobile apps don't normally use a client secret.
Please don't upvote my answer, as I haven't done anything. OAuth is generally not documented very well, or contains code snippets pertaining to platform SDKs without the underlying URL requests or curl examples. SDKs are often opaque/closed-source so would require dropping down to tcpdump or packet sniffing to see what's going on. I didn't do the due diligence, I just got lucky.
I have sent feedback to Google but if this issue has affected you, you can click the gear in Gmail and "Send feedback" to hopefully get documentation updated more quickly.
Please refer to this link:
https://developers.google.com/identity/sign-in/ios/offline-access
From the reference, you have to do 2steps below to let your server able to refresh your access token
Make sure your server and iOS app use credentials of the same project, 1 browser key and 1 iOS key
Add this line: [GIDSignIn sharedInstance].serverClientID = your_server_client_id